HSTS, the HTTP Strict Transport Security protocol, has been approved as a proposed standard by the IETF. HSTS is designed to allow web sites to ensure that only secure connections are being made to them by informing browsers that they should use a secure connection. The mechanism works by the server responding with a Strict-Transport-Security header which signals to the browser that it should connect using HTTPS for a time, not only for this connection but, potentially for subdomains as well. Once a browser gets this header it is under orders to only use secure connections to the site.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump